From d8a0b57d365b9acba2daa80f2417571369a7ae72 Mon Sep 17 00:00:00 2001
From: iWas-Coder <wasymatieh01@gmail.com>
Date: Tue, 17 Sep 2024 00:54:36 +0200
Subject: [PATCH] fix: filter SARIF file before uploading it to GH

---
 .github/workflows/ci.yaml | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4d79d2c..659a44d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -55,8 +55,6 @@ jobs:
         uses: github/codeql-action/init@v3
         with:
           languages: c-cpp
-          config: |
-            paths-ignore: [vendor]
       - name: configure
         run: |
           cmake                                         \
@@ -66,5 +64,19 @@ jobs:
             -DCMAKE_CXX_COMPILER=${{ matrix.cxx-compiler }}
       - name: build
         run: cmake --build build
-      - name: analyze
+      - name: run-codeql
         uses: github/codeql-action/analyze@v3
+        with:
+          output: sarif-results
+          upload: failure-only
+      - name: filter-codeql
+        uses: advanced-security/filter-sarif@v1
+        with:
+          patterns: |
+            -vendor/*
+          input: sarif-results/c-cpp.sarif
+          output: sarif-results/c-cpp.sarif
+      - name: upload-codeql
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: sarif-results/c-cpp.sarif